DomaIQ pay-per install

Category: Adware and PUAs
Protection available since: 31 Jul 2015 23:53:44 (GMT)
Type: Unspecified PUA
Last Updated: 04 Oct 2017 07:37:30 (GMT)


Examples of DomaIQ pay-per install include:

Example 1

File Information

Size: 450K
SHA-1: 003abb561f4b75a48e1d35b83d3d9ea658f97640
MD5: 02f2d4b25e9387ad14f56a8dd309d42a
CRC-32: 6d57e7f4
File type: Windows executable
First seen: 2017-03-31

Runtime Analysis

HTTP Requests
DNS Requests

Example 2

File Information

Size: 450K
SHA-1: 007039e226eea841f313138073e916a8e6fa47f3
MD5: 7d19f692bb41f6054bcca1304111e824
CRC-32: 018f452b
File type: Windows executable
First seen: 2017-04-12

Runtime Analysis

Processes Created
  • c:\docume~1\support\locals~1\temp\dm\installer.exe
HTTP Requests
DNS Requests

Example 3

File Information

Size: 312K
SHA-1: 01cc97d27a86820795a63c354307684ff34c0849
MD5: eb2e106f7bb10270c3d158141d7fab78
CRC-32: 339f61e2
File type: Windows executable
First seen: 2013-10-23

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\nsu3.tmp\nsisdl.dll
HTTP Requests
  • http://dtrack.sslsecure1.com/debug/Version/4_0_6_32/Nsis/GetInfo
  • http://dtrack.sslsecure1.com/debug/Version/4_0_6_32/Nsis/Start
DNS Requests
  • dtrack.sslsecure1.com
